Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
sac(1M)			System Administration Commands		       sac(1M)

NAME
       sac - service access controller

SYNOPSIS
       sac -t sanity_interval

       /usr/lib/saf/sac

DESCRIPTION
       The  Service  Access Controller (SAC) is	the overseer of	the server ma-
       chine. It is started when the server machine enters multiuser mode. The
       SAC performs several important functions	as explained below.

   Customizing the SAC Environment
       When  sac  is  invoked, it first	looks for the per-system configuration
       script /etc/saf/_sysconfig. sac interprets _sysconfig to	customize  its
       own  environment.  The  modifications  made  to	the SAC	environment by
       _sysconfig are inherited	by all the children of the SAC.	This inherited
       environment may be modified by the children.

   Starting Port Monitors
	After it has interpreted the _sysconfig	file, the sac reads its	admin-
       istrative file /etc/saf/_sactab.	_sactab	specifies which	port  monitors
       are  to	be  started.  For each port monitor to be started, sac forks a
       child (see fork(2)) and creates a utmpx entry with the type  field  set
       to  LOGIN_PROCESS. Each child then interprets its per-port monitor con-
       figuration script /etc/saf/pmtag/_config	, if the  file	exists.	 These
       modifications  to  the environment  affect the port monitor and will be
       inherited by all	its children. Finally, the  child  process  execs  the
       port  monitor,  using  the  command  found  in the _sactab entry.  (See
       sacadm; this is the command given with the -c option when the port mon-
       itor is added to	the system.)

   Polling Port	Monitors to Detect Failure
       The -t option sets the frequency	with which sac polls the port monitors
       on the system. This time	may also be thought of as half of the  maximum
       latency	required to detect that	a port monitor has failed and that re-
       covery action is	necessary.

   Administrative functions
       The Service Access Controller represents	the  administrative  point  of
       control	for  port monitors. Its	administrative tasks are explained be-
       low.

       When queried (sacadm with either	-l or -L),  the	 Service  Access  Con-
       troller	returns	 the  status   of  the	port monitors specified, which
       sacadm prints on	the standard output. A port monitor may	be in  one  of
       six states:

       ENABLED	       The  port monitor is currently running and is accepting
		       connections. See	sacadm(1M) with	the -e option.

       DISABLED	       The port	monitor	is currently running and  is  not  ac-
		       cepting connections. See	sacadm with the	-d option, and
		       see NOTRUNNING, below.

       STARTING	       The port	monitor	is in  the  process  of	 starting  up.
		       STARTING	 is  an	 intermediate state  on	the way	to EN-
		       ABLED or	DISABLED.

       FAILED	       The port	monitor	was unable to start  and  remain  run-
		       ning.

       STOPPING	       The  port  monitor has been manually terminated but has
		       not completed its shutdown procedure.  STOPPING	is  an
		       intermediate state on the way to	NOTRUNNING.

       NOTRUNNING      The  port monitor is not	currently running. (See	sacadm
		       with -k.) This is the normal "not running" state.  When
		       a  port	monitor	is killed, all ports it	was monitoring
		       are inaccessible.  It is	not possible for  an  external
		       user  to	 tell whether a	port is	not being monitored or
		       the system is down. If the port monitor is  not	killed
		       but  is	in the DISABLED	state, it may be possible (de-
		       pending on the port monitor being used) to write	a mes-
		       sage  on	 the inaccessible port telling the user	who is
		       trying to access	the port that it is disabled. This  is
		       the advantage of	having a DISABLED state	as well	as the
		       NOTRUNNING state.

       When a port monitor terminates, the SAC removes	the  utmpx  entry  for
       that port monitor.

       The  SAC	 receives all requests to enable, disable, start, or stop port
       monitors	and  takes the appropriate action.

       The SAC is responsible for restarting  port  monitors  that  terminate.
       Whether or not the SAC will restart a given port	monitor	depends	on two
       things:

	 o  The	restart	count specified	for the	port  monitor  when  the  port
	    monitor  was  added	 by  sacadm;  this  information	is included in
	    /etc/saf/pmtag/_sactab.

	 o  The	number of times	the port monitor has already been restarted.

SECURITY
       sac uses	pam(3PAM) for session management.  The PAM configuration  pol-
       icy,  listed  through  /etc/pam.conf,  specifies	the session management
       module to be used for sac. Here is a partial pam.conf file with entries
       for sac using the UNIX session management module.

       sac  session   required	 pam_unix_session.so.1

       If  there  are no entries for the sac service, then the entries for the
       "other" service will be used.

OPTIONS
       -t sanity_interval      Sets the	frequency (sanity_interval) with which
			       sac polls the port monitors on the system.

FILES
       /etc/saf/_sactab

       /etc/saf/_sysconfig

       /var/adm/utmpx

       /var/saf/_log

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       pmadm(1M),  sacadm(1M),	fork(2)	pam(3PAM), pam.conf(4),	attributes(5),
       pam_authtok_check(5),	 pam_authtok_get(5),	 pam_authtok_store(5),
       pam_dhkeys(5),	      pam_passwd_auth(5),	  pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5)

NOTES
       The pam_unix(5) module is no longer supported. Similar functionality is
       provided	  by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth-
       tok_store(5), pam_dhkeys(5),  pam_passwd_auth(5),  pam_unix_account(5),
       pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10			  23 Oct 2002			       sac(1M)

NAME | SYNOPSIS | DESCRIPTION | SECURITY | OPTIONS | FILES | ATTRIBUTES | SEE ALSO | NOTES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=sac&sektion=1m&manpath=SunOS+5.10>

home | help